bsigroup.com

5 facts you need to know about information security and standards

Your at-a-glance guide


BS EN ISO/IEC 27001, the British adoption of the ISO standard, is a UK standard for information security. It’s an
approach to protecting business data that can be applied by any size of organization, in any sector, to
continually improve how data is stored, managed and used.

1 It’s more important than ever to protect your company’s information

Every business holds more data than ever before; in fact, over 90% of all the data in the world was created in the last two years. And yet for many organizations, IT and data security aren’t a central focus. It’s essential that you have a robust information security system in place; without one, you run the risk of a data breach that could cost you thousands of pounds in fines, lost business and reputational damage.

2 Information security standards give you a guide to protecting data

Standards are used by millions of businesses every day to improve productivity, efficiency, sustainability, product quality and more. Standards make this possible by bringing together experts in a field (for example, information security) and combining their knowledge in a document which can then be used by any other organization to improve how they do things.

3 Information security isn’t just about your IT system

Hackers stealing data is what we tend to think of when we hear “data security”, but many seemingly harmless actions can be a data security risk. Using a password that is too simple and can be easily guessed or sending an email to the wrong person are everyday things that can be potentially dangerous – and that an ISMS can help prevent.

Data Protection Manager, Marketing and branding agency
“As you work through it, you realize it all makes perfect sense. I felt so much more aware of risks to our enterprise but in a much better position to address them… It’s allowed us to reach more clients and that has to be a benefit for every single person there.”

Ian Waterhouse, Information Security Programme Manager, Legal Ombudsman for England and Wales
“ISO/IEC 27001 certification allows us to provide our clients with confidence that their information is being protected.”

4 You don’t have to implement every recommendation to benefit from a standard

A small business will operate very differently from a much larger organization with multiple offices, and they’ll have different data security needs, too. A business can start benefiting from an information security standard as soon as it implements the first recommendation – and those benefits only increase the closer you get to certification.

5 An ISMS can benefit the whole company

An effective ISMS can change your organization’s entire data and IT culture for the better. As well as protecting you from cyber threats, an ISMS can help everyone work more efficiently by storing documents in one place; improve company culture by involving and educating everyone about data security; and reduce costs by minimizing risk and being more selective about data security methods.

Paul Brazier, Commercial Director, Overbury
“Don’t try and change your business to fit the standard. Think about how you do things and how that standard reflects on how you do it, rather than the other way around.”

Lyndon Wild, MD, Laminar Medica
“Having the standard in place plays an important role when we are bidding for work and it has almost certainly brought us new business. When we tender for contracts I’m sure we gain points because we comply.”

Start your standards journey

Visit BSI Knowledge or, to find out more about information security and standards, contact our customer service team on 0345 086 9001.